Title

Firefox Studies must be disabled. (Cat II impact)

Discussion

Studies try out different features and ideas before they are released to all Firefox users. Testing beta software is not in the DoD user's mission.

Check Content

Type "about:policies" in the browser address bar. If "DisableFirefoxStudies" is not displayed under Policy Name or the Policy Value does not have a value of "true", this is a finding.

Fix Text

Windows group policy: 1. Open the group policy editor tool with "gpedit.msc". 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Mozilla\Firefox Policy Name: Disable Firefox Studies Policy State: Enabled macOS "plist" file: <key>DisableFirefoxStudies</key> <true/> Linux "policies.json" file: Add the following in the policies section: "DisableFirefoxStudies": true

Additional Identifiers

Rule ID: SV-252909r879587_rule

Vulnerability ID: V-252909

Group Title: SRG-APP-000141

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.